Which of the following approaches is BEST for selecting controls to minimize information security risks?

• A.Cost-benefit analysis
• B.Control-effectiveness
• C.Risk assessment
• D.Industry best practices

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST demonstrates that the objectives of an information security governance framework are being met?

• A.Risk dashboard
• B.Key performance indicators (KPIs)
• C.Penetration test results
• D.Balanced scorecard

Comment: *

Name: *

Email: *

Verification: *

The BEST way to establish a recovery time objective (RTO) that balances cost with a realistic recovery time frame is to:

• A.perform a business impact analysis.
• B.determine daily downtime cost.
• C.analyze cost metrics.
• D.conduct a risk assessment.

Comment: *

Name: *

Email: *

Verification: *

When creating an information security governance program, which of the following will BEST enable the organization to address regulatory compliance requirements?

• A.A security control framework
• B.Input from the security steering committee
• C.An approved security strategy plan
• D.Guidelines for processes and procedures

Comment: *

Name: *

Email: *

Verification: *

After assessing and mitigating the risks of a web application, who should decide on the acceptance of residual application risks?

• A.Information security officer
• B.Chief information officer (CIO)
• C.Business owner
• D.Chief executive officer (CF.O)

Comment: *

Name: *

Email: *

Verification: *